POC details: a98ad9411c4bd4034bedf68e29d4a13f1fc2bda4

Source
Related vulnerability
Title: WordPress plugin Really Simple Security security vulnerability (CVE-2024-10924)
Description: WordPress and WordPress plugins are products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports hosting a personal blog site on a server running PHP and MySQL. A WordPress plugin is an application plugin. The WordPress plugin Really Simple Security, versions 9.0.0 through 9.1.1.1, contains a security vulnerability that stems from an authentication bypass.
Introduction
# POC for CVE-2024-10924

An error-handling flaw in the REST API of the Really Simple Security WordPress plugin by Really Simple Plugins (versions 9.0.0 through 9.1.1.1 inclusive) allows an attacker, when two-factor authentication is enabled, to bypass authentication and take control of an existing user or administrator account.

As I'm a nice guy, you'll also find version 9.1.1.1 of the plugin. Just unzip and upload it in the `wp-content/plugins` folder. Don't forget to activate the plugin and enable 2FA.

## Requirements

Install the required dependencies using `pip`:

```bash
pip install -r requirements.txt
```

#### Dependencies List

-   **argparse**: To parse command-line arguments.
-   **validator-collection**: To validate the URL format.
-   **requests**: To send HTTP POST requests.
-   **random**: To generate a random nonce for the payload.

## Usage

### Command Syntax

```bash
python exploit.py [-id USER_ID] URL
```

### Examples

1. **With a specific User ID**:

    ```bash
    python exploit.py -id 10 http://localhost:8886/
    ```

    This sends the exploit payload with a user ID of `10`.

2. **Without specifying User ID**:

    ```bash
    python exploit.py http://localhost
    ```

    Defaults the User ID to `1`.

## Example Output

### Successful Exploit

```plaintext
Exploit successful.

--------------------------------------------------
session_id=xyz123; path=/; HttpOnly
--------------------------------------------------
```

### Failed Exploit

```plaintext
Exploit failed. Maybe the target is not vulnerable or the user ID is incorrect.
```

## Security Considerations

-   **Use responsibly**: This script is for educational and penetration testing purposes only.
-   **Authorization**: Ensure you have explicit permission to test the target system.
-   **HTTPS**: Disable SSL verification (`verify=False`) only if necessary for testing.

## License

IDK but I'm not responsible for anything.
File snapshot

[4.0K] /data/pocs/a98ad9411c4bd4034bedf68e29d4a13f1fc2bda4
├── [1.7K] exploit.py
├── [1.9K] README.md
├── [1.4M] really-simple-ssl.zip
└── [ 53] requirements.txt

0 directories, 4 files
The Shenlong bot has cached this for you.
Notes
    1. It is recommended to access the PoC through the source link first.
    2. If the source has gone offline or cannot be reached, send an e-mail to f.jinxu#gmail.com to request the local snapshot (replace # with @).
    3. Shenlong has taken a snapshot of the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.